
gpgv verification of inline-signed data ignores leading and trailing garbage
Closed, Resolved, Public

Description

Consider the following file:

test.txt.asc

bogus header
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
-----BEGIN PGP SIGNATURE-----
[armored signature data omitted]

-----END PGP SIGNATURE-----
bogus footer


With the proper trustedkeys.gpg, "gpgv test.txt.asc" will succeed.

However, anyone having verified the file will not have any verification done on the bogus header and bogus footer.

This seems like a dangerous situation. What is the user expected to do with the file? What have they learned from running gpgv on it? There is no indication that any text outside the message signatures has been reviewed and discarded, even with --status-fd.

Some things that might help improve this situation:

  • provide a means for gpgv to produce the verified text (e.g. --verified-output-fd 3) so that a user of gpgv could know what specifically had been verified.

  • change the return value and emit messages on status-fd if there is any leading or trailing garbage
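A strict wrapper for the situation this report describes, added here as an example (it is not code from the ticket or from GnuPG): it extracts the text that a cleartext signature actually covers, flags anything outside the signed block, and only then hands the file to gpgv, returning the covered text so the caller knows exactly what was verified. It assumes LF line endings, gpgv on PATH and a keyring file named trustedkeys.gpg; the sample input is constructed to mirror test.txt.asc with a placeholder signature.

```python
import subprocess

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"

# Constructed sample mirroring the ticket's test.txt.asc; the signature
# packet is a placeholder, not real data.
SAMPLE = "\n".join([
    "bogus header", BEGIN, "Hash: SHA512", "", "test",
    SIG_BEGIN, "", "<base64 signature placeholder>", SIG_END, "bogus footer", "",
])


def split_clearsigned(data):
    """Return (leading, signed_text, trailing) for LF-terminated cleartext armor.

    signed_text is the dash-unescaped body between the armor headers and the
    signature block, i.e. the only text a gpgv verdict actually covers.
    """
    lines = data.split("\n")
    try:
        b = lines.index(BEGIN)
        s = lines.index(SIG_BEGIN, b)
        e = lines.index(SIG_END, s)
    except ValueError:
        raise ValueError("not a cleartext-signed message") from None
    # Hash: headers end at the first blank line before the body.
    blank = next((i for i in range(b + 1, s) if lines[i] == ""), None)
    if blank is None:
        raise ValueError("missing blank line after armor headers")
    # Undo dash-escaping ("- " prefix) applied to body lines starting with "-".
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:s]]
    return "\n".join(lines[:b]), "\n".join(body), "\n".join(lines[e + 1:])


def has_unsigned_data(data):
    """True if anything other than whitespace sits outside the signed block."""
    leading, _, trailing = split_clearsigned(data)
    return bool(leading.strip() or trailing.strip())


def verify_strict(path, keyring="trustedkeys.gpg"):
    """Refuse files with data outside the signed block, run gpgv on the rest,
    and return the covered text so the caller never has to guess what it was."""
    with open(path, encoding="utf-8", errors="surrogateescape") as f:
        data = f.read()
    if has_unsigned_data(data):
        raise ValueError("data outside the signed block in %s" % path)
    subprocess.run(["gpgv", "--keyring", keyring, path], check=True)
    return split_clearsigned(data)[1]
```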

Details

Version: 2.1.15

Event Timeline

dkg added projects: gnupg, Bug Report.
dkg added a subscriber: dkg.

The leading and trailing garbage is by design - cf. >20 years of discussions on the problem of the cleartext format. A --verify works best with a detached signature, because only this format makes it easy to decide what has been signed.

We need to review why --output has no effect with --verify or gpgv.

marcus claimed this task.